Hi,
After using Ultimate SEO url my clients can no longer log in, create an account nor click any buttons for that matter that would do anything. My config files are correct, everything else works fine except that part. When I revert or simply remove part of the plugin everything works well again, that is, log in, create an account and click any buttons that would do anything.
I would really like to use this plugin however if there is no fix for this I would have to change it...
Someone please help me
Thanks

I have a very heavily modified install of osC 2.2 MS2 - 060817. Recently I changed the entire shop to use HTTPS. To achieve this, I changed the two configure.php files - the one for the shop and the one for the administration section. The relevant part of the shop's configure.php is now:
define('HTTP_SERVER', 'https://www.my*web*shop.nl'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.my*web*shop.nl'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'www.my*web*shop.nl');
define('HTTPS_COOKIE_DOMAIN', 'www.my*web*shop.nl');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
(...)
define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
Administration > Configure > Sessions is this:
Session Directory /usr/local/sites/*******/tmp/
Force Cookie Use False
Check SSL Session ID False
Check User Agent False
Check IP Address False
Prevent Spider Sessions True
Recreate Session True
Now a problem occurs. The osCsid stays in the URL all the time (not really recommended) and logging in is not possible.
If I manually remove the osCsid variable from the URL I can login, but obviously this is not something I can expect my customers to do.
I found two possible solutions, by changing the settings in Configure > Sessions: 1. Set the value for "Force Cookie Use" to TRUE.
Now the osCsid simply never appears in the URL (is that good or bad?) and visitors must have cookies enabled (workable, but not perfect).
or 2. Set the value for "Recreate Session" to FALSE.
The osCsid variable keeps on appearing in the URL every click (not really good), but at least the visitor can log in.
But these are not really the solutions I want. While the site was completely NON-SSL, the osCsid variable showed up only once in the URL, and disappeared the next click. I do not force visitors to use cookies. And I recreate the session. That's how I like it to be.
My question:
Why is the behavior different when using SSL? Or rather: what should I do/change so that
- visitors can log in
- the osCsid variable appears only once in the URL
- Force cookie use can be FALSE
- Recreate Session can be TRUE
just like it used to be when the shop was NONSSL.
Or if I am asking something impossible, what are the (serious) down sides to Force Cookie Use : True and Recreate Session : False?
For example, I read elsewhere on the forum some vague rumors that some payment processors need an osCsid or that not recreating the session could be a security issue.
Btw, the shop is so heavily modified that a complete upgrade to osC 2.3.4 BS Edge or so is not an option.

I've run across a security issue that everyone should be aware of. I recently worked on two, unrelated, shops that had been hacked. One was an RC2 shop while the other was a fairly recent BS shop. Both had renamed admin directories. I was not able to find the way in the hacker used since the hacking had occurred over a month before in both cases.
However, the change made by the hacker was the same in both cases. Code was added to the checkout pages to record the customer details and to write them to a .txt file in the admin/includes/local/ directory. It turns out that that directory (any directory in admin) is not protected with the normal on-page login. So without being logged in, the hacker could read the file by going to https://example.com/admin/local/hacker.txt. You can test this on your own site by visiting https://your domain/your admin/local/README. The README file is a standard file included in all oscommerce versions. If you can read that file via the url, then your admin is not secure. The fix is to add a popup login using the .htaccess method.
This change won't prevent the reason it happened in the first place but it will prevent the data from being used should it happen.
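The README test described in the post above can be scripted for your own shop. This is an added example, not part of the original post: the function names, the verdict labels and the placeholder URL and admin directory are assumptions, and both README paths mentioned in the post are tried.

```python
import urllib.error
import urllib.request

# Both paths appear in the post; the admin directory is whatever the shop renamed it to.
CANDIDATE_PATHS = ("includes/local/README", "local/README")


def classify(status, final_url, path):
    """Verdict for a request that was sent without any credentials."""
    if status == 200 and final_url.endswith(path):
        return "EXPOSED"        # the file itself came back, no login asked
    if status in (401, 403):
        return "PROTECTED"      # server demanded credentials or refused
    if status == 404:
        return "NOT_FOUND"      # nothing at this path; proves nothing about auth
    return "INCONCLUSIVE"       # e.g. redirected to a login page, or a 5xx


def fetch(url, timeout=10):
    """GET without credentials; return (status, URL after redirects)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.geturl()
    except urllib.error.HTTPError as err:
        return err.code, url


def check_admin(base_url, admin_dir, fetch=fetch):
    """Return {url: verdict} for each candidate README path."""
    results = {}
    for path in CANDIDATE_PATHS:
        url = "/".join((base_url.rstrip("/"), admin_dir.strip("/"), path))
        status, final_url = fetch(url)
        results[url] = classify(status, final_url, path)
    return results


if __name__ == "__main__":
    # Placeholders: substitute your own shop URL and renamed admin directory.
    for url, verdict in check_admin("https://example.com", "admin").items():
        print(f"{verdict:12} {url}")
```

After the .htaccess login is in place, every path that previously reported EXPOSED should report PROTECTED.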

Please please.. Who can help me?
I have OsC2.3.4BS Edge on PHP5.6.
Existing clients with >1 address get this error: (see attached image)
Warning: session_start(): Failed to decode session object. Session has been destroyed.
The effect is that the checkout procedure is redirected to the login page again
This line: ...\sessions.php:122 contains this:
return session_start();
This code previously used to be at line 95 (I did only add some comment).
Please help, I have been researching for days already, without results..
Much obliged if..
Eveline Bernard

hi there
I have recently put login with Paypal on my site. All works but it asks for confirmation every time I login to it.
I thought that after the initial request it would auto approve... any ideas?
Doug

Hi all,
I have started to figure out Facebook Login and put it into the Facebook APP interface
https://github.com/Gergely/facebook-app
Any proposal appreciated. Testers wanted. Facebook Login enables logging in with a Facebook account and creates a social account in the shop.
FBLogin registers the user with the original Facebook email address.
Thanks

Hi,
My osCommerce admin login page does not show anything. The first time I log in it asks me for the password, then I put in the password and it shows me the admin page with userid or password, but it redirects to the home page.... After that, when I open the login page, it shows a blank page....
Please help me with that.

Would anybody be able to shed some light on this error?
I understand that it's generated by the mod_security module on my server but is this purely my server-side? I've followed the instructions to the letter but after putting in my login details in the PayPal Login pop-up window I get the above. If I have to contact my host, then fair enough but is there any way that I could do this myself? Every search I do for it only returns articles about WordPress.
Regards,
Graham
p.s. I wasn't sure which sub-forum to put this in. I decided on here as the module came with the 2.3.4 package.

I'm running v2.3.3.
I downloaded this contribution: http://addons.oscommerce.com/info/8727
I've followed all of the instructions properly.
Okay, so here is where it all falls apart.
I'm browsing the admin section, and decide to visit the "Sliders" admin area under "Configuration"...
When I click on "Sliders", I am logged out, and a new session ID is generated (login.php?osCAdminID=<new session id here>)
When I log back in, I land on the "Sliders" admin panel (with same session ID shown on login page).
If I then try to upload a slider, I'm logged out, and a new session ID is generated (shown on the login page).
So there you have it - when I try to navigate to the slider settings page, I'm logged out, and when I try to upload an image, I'm logged out.
I have no other issues with this happening anywhere else on the store or any other session issues. My store is running perfectly fine.
I installed this addon, and this issue only arises when accessing or using the particular admin panel for the addon.
Any help would be appreciated!
Cordially,
Robert Whitis

Hello,
I bought a premium theme for oscommerce and I installed it into my store, so my files are quite different from the original ones. So, to add the Portuguese language, I copied all the English files in the includes/languages/english folder, and I translated them one by one to Portuguese. Now that I'm almost finished, I encountered an expected error. When I try to login (as a customer) on the store, with the English language on, everything goes well. But with the Portuguese language on, I can't do the login. It goes back to the index page, but the client is not logged in.
You can try and see for yourselves:
store: oursweetevents.com
user: queiroga_14@hotmail.com
pass: 12345
Can anyone figure out what's going wrong?
Thanks